Create an Indicator - Threat Intel Management Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Threat Intel Management Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-03-25
Category
Threat Intel Management Guide
Solution
Cloud
Abstract

Create incident manually, from an integration feed, or by adding Unit 42 data.

Indicators can be created manually, from an integration feed, or by adding Unit 42 data.

  • Create an indicator manually.

    1. Select Threat IntelNew Indicator.

    2. Add the Basic information.

      In the Verdict section you can either select a verdict or Calculate the verdict if the indicator exists in the Cortex XSOAR database.

    3. Add any custom indicator fields.

    4. Save the indicator.

  • Fetch indicators from Feed Integrations.

  • (TIM only) Add Unit 42 Intel Data to Cortex XSOAR.